[Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets
bugzilla-noreply at freebsd.org
Fri Jul 13 15:45:08 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229477
--- Comment #9 from Kajetan Staszkiewicz <vegeta at tuxpowered.net> ---
I ran some tests and the patch seems correct.
If I understand correctly, my patch prevented "return(action)" from being called for
pf_create_state returning with synproxy, and this one restores this behaviour
while still allowing pf_return for really failed rules.
Unfortunately, I found out that fail-policy does not really work for rdr rules,
probably because they are not really normal rules with a rule number and so on,
even if they create a state ("rdr pass"). I assume fixing that should be my own
job in another bug report.